Authentication

Overview

To interact with Ceffu APIs, all requests must be authenticated using your Ceffu API Key and signed with your private API Secret. Ceffu enforces secure RSA-based request signatures to protect access to your custodial infrastructure.

API keys can be created on the Ceffu Web Platform under Entity Management > API Management. Keys can only be created and managed by roles with the proper authority:

Creator

Admin

Once created, you will receive two values:

API Key

API Secret (Base64‑encoded RSA private key)

Keep your API Secret secure. It cannot be retrieved once lost.

API Domain

https://open-api.ceffu.com/

Authentication Requirements:

All API requests must include:

Header	Description
open-apikey	Your Ceffu API Key
signature	Base64 RSA signature of request payload

If the request is a POST request, sign the exact JSON body with API key. If the request is a GET request, sign the raw URL query string.

There is no fixed ordering of parameters, but the signed data must match the actual request data byte‑for‑byte.

Signing Rules:

Request Type	Signed Content
GET	Query string (e.g. param1=a&param2=b)
POST	Raw JSON body string

Signature Algorithm: SHA512withRSA

Attach the result in the signature header.

Example:

signature: {signatureValue}

Code Samples:

Pseudocode:

rsa_sign(sha512(data), private_key)

Node.js:

Python:

Java:

Overview#

API Domain#

Authentication Requirements:#

Signing Rules:#

Code Samples:#

Overview

API Domain

Authentication Requirements:

Signing Rules:

Code Samples: